<?php 

class commDbPdb extends PDO
{

    private static $_blacklist = 'UNION|LOAD_FILE|OUTFILE|DUMPFILE|ESCAPED|TERMINATED|CASCADE|INFILE|X509|TRIGGER|REVOKE';

    public function autoExecute($sql, $fetch_type="", $param=Array())
    {
        try
        {
            //쿼리에서 불필요한 문자열 제거
            $sql = trim($sql);
            $sql = preg_replace("/\/\*.*?\*\/(\r\n|\n|\r)?/s", "", $sql);
            $sql = preg_replace("/\n|\r|\t/"," ",$sql);
            $sql = preg_replace("/[\s]{2,}/"," ",$sql);

            //쿼리타입
            preg_match("/^(.+?)\s+/i",$sql,$type);
            $type = trim(strtoupper($type[0]));

            if (self::blacklist($sql)) {
                echo 'SQL BLOCK';
                exit;
            }
            
            switch($type)
            {
                case "SELECT":
                    //프리페어
                    $sth = self::prepare($sql);
                    //바인딩
                    if($param)
                    {
                        foreach($param AS $k=>$p)
                        {
                            switch(gettype($p))
                            {
                                case "integer":
                                case "double":
                                    $sth->bindValue($k+1,$p,PDO::PARAM_INT);
                                    break;
                                    
                                default:
                                    $sth->bindValue($k+1,$p,PDO::PARAM_STR);
                                    break;
                            }
                        }
                    }
                    //실행
                    $sth->execute();
                    $sth->setFetchMode(parent::FETCH_ASSOC);
                    if(!$sth->rowCount()) return null;

                    if($fetch_type=="row") $result = $sth->fetch();
                    else $result = $sth->fetchAll();

                    return $result;
                    break;

                case "INSERT":
                    $sth = self::prepare($sql);
                    if($param) $sth->execute($param);
                    else $sth->execute();

                    $lat_uid = self::lastInsertId();
                    
                    if($lat_uid) return $lat_uid;
                    else return false;
                break;
                     
                case "UPDATE":
                case "DELETE":
                    $sth = self::prepare($sql);
                    if($param) $sth->execute($param);
                    else $sth->execute();
                break;
                
                case "CALL" :
                    $sth = self::prepare($sql);
                    if($param) $sth->execute($param);
                    else $sth->execute();
                break;
                
                default:
                    return false;
                break;
            }
        }
        catch(PDOException $e)
        {
            echo $e->getMessage();
            return false;
        }

        return true;
    }

    public static function blacklist(&$query)
    {
        return preg_match("/".self::$_blacklist."/i", $query) ? true : false;
    }
}

?>